Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/mGU_ZM8C_67y-U_MSCItqM-7NVs.roa
File:                     mGU_ZM8C_67y-U_MSCItqM-7NVs.roa (raw, json)
Hash identifier:          /prGVdEgBVD01uVKzuuRhV754d4P2Vo6sa25WVn4UwQ=
Subject key identifier:   98:65:3F:64:CF:02:FF:AE:F2:F9:4F:CC:48:22:2D:A8:CF:BB:35:5B
Certificate issuer:       /CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
Certificate serial:       019D90DDFBA42D0C41D71045EEFB28190E26
Authority key identifier: 48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/mGU_ZM8C_67y-U_MSCItqM-7NVs.roa
Signing time:             Wed 15 Apr 2026 11:19:20 +0000
ROA not before:           Wed 15 Apr 2026 11:19:20 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     44382
IP address blocks:        45.141.148.0/24 maxlen: 24
                          194.116.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Apr 2026 02:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9d:90:dd:fb:a4:2d:0c:41:d7:10:45:ee:fb:28:19:0e:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4805f17c2d7133d2dad3a8df7e35315e37ef5daf
        Validity
            Not Before: Apr 15 11:19:20 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=98653f64cf02ffaef2f94fcc48222da8cfbb355b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:1f:64:3b:a3:7b:0d:b3:16:6a:aa:d5:79:7d:
                    cd:6b:37:c9:6b:9c:3d:40:ba:3f:1c:bf:bc:94:ab:
                    7a:c0:65:77:71:38:6c:cf:ab:fc:27:21:de:42:d0:
                    97:f9:09:6c:07:08:38:9d:6b:43:a4:dd:66:e4:5f:
                    27:32:5e:47:a4:21:65:a1:11:ee:4a:9c:87:6d:88:
                    a9:3b:6e:cc:8b:3e:ea:49:6e:4a:6a:f7:f5:ce:b8:
                    35:ec:67:72:a7:99:70:49:f7:0f:85:7d:df:0f:4a:
                    5c:3c:5d:f9:3b:35:bd:13:f2:e8:79:1c:61:02:ca:
                    68:60:f8:3c:a3:76:72:4e:73:7b:8a:15:72:af:f2:
                    c6:8d:91:06:8f:60:24:7e:4d:39:b2:a0:42:a7:e0:
                    cf:fb:37:d9:59:85:c2:e1:7e:45:16:47:cc:01:e3:
                    3d:c6:2a:40:1c:95:29:a7:2f:c7:ae:f4:c0:0f:e4:
                    07:bb:be:85:cc:64:d2:21:1c:f8:e2:6e:b7:ec:53:
                    c2:dd:73:b2:5d:da:83:f3:dd:ad:a6:9d:d1:cb:2f:
                    fe:cc:14:ce:2d:b1:03:6d:ee:87:7b:6b:cd:29:3a:
                    01:d6:a2:82:d1:43:ea:1c:f1:39:b7:dc:89:cb:c8:
                    01:63:45:f6:0d:09:14:b0:b9:79:2b:11:3a:12:0c:
                    ae:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:65:3F:64:CF:02:FF:AE:F2:F9:4F:CC:48:22:2D:A8:CF:BB:35:5B
            X509v3 Authority Key Identifier:
                keyid:48:05:F1:7C:2D:71:33:D2:DA:D3:A8:DF:7E:35:31:5E:37:EF:5D:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SAXxfC1xM9La06jffjUxXjfvXa8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/mGU_ZM8C_67y-U_MSCItqM-7NVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/8e07dd-4fe5-4820-bcbe-5dd6e22ebab0/1/SAXxfC1xM9La06jffjUxXjfvXa8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.148.0/24
                  194.116.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:75:a9:12:f2:9d:e6:f7:da:c4:08:e6:e7:a1:cf:7d:03:62:
         6c:44:9a:d6:0a:04:90:f0:dc:70:b6:35:15:69:a9:a8:da:71:
         1a:c2:64:b7:b9:fd:0f:be:35:ab:83:9b:ca:92:1e:e5:e9:3f:
         8c:3b:1d:58:3d:85:64:94:33:b2:55:f8:c0:41:39:09:18:12:
         48:da:2e:a1:e8:57:03:32:71:7f:01:da:0c:82:cf:04:5d:1f:
         23:dc:b9:f2:93:a0:ff:9e:d2:73:7f:21:b4:bc:54:ee:5a:b3:
         c3:d0:f3:ce:83:8e:f9:ff:e6:78:5a:7c:74:3a:06:17:c5:83:
         bf:2b:c6:9a:ab:80:b0:e6:4c:ef:96:e3:2c:94:26:a3:b7:26:
         17:0d:9e:26:f8:5a:4e:6b:fe:41:3c:a0:32:45:ad:40:10:e4:
         0c:b9:98:de:d2:44:e1:8b:cf:da:73:06:18:ba:56:13:d6:07:
         37:78:c3:21:4e:69:d6:53:a1:bb:cc:2c:d8:24:5b:f0:a1:a7:
         92:d7:91:25:1e:ac:b1:34:18:a0:f8:c5:ec:a4:48:7c:58:8e:
         35:7c:72:48:60:77:78:d7:21:e9:be:1e:d9:ee:22:f7:1c:4e:
         65:27:7b:0d:9e:a0:cf:b2:21:56:4f:ef:21:b0:d0:5e:23:9e:
         09:8e:3c:1b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZ2Q3fukLQxB1xBF7vsoGQ4mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4MDVmMTdjMmQ3MTMzZDJkYWQzYThkZjdlMzUzMTVlMzdl
ZjVkYWYwHhcNMjYwNDE1MTExOTIwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODY1M2Y2NGNmMDJmZmFlZjJmOTRmY2M0ODIyMmRhOGNmYmIzNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtR9kO6N7DbMWaqrVeX3NazfJa5w9
QLo/HL+8lKt6wGV3cThsz6v8JyHeQtCX+QlsBwg4nWtDpN1m5F8nMl5HpCFloRHu
SpyHbYipO27Miz7qSW5Kavf1zrg17Gdyp5lwSfcPhX3fD0pcPF35OzW9E/LoeRxh
AspoYPg8o3ZyTnN7ihVyr/LGjZEGj2Akfk05sqBCp+DP+zfZWYXC4X5FFkfMAeM9
xipAHJUppy/HrvTAD+QHu76FzGTSIRz44m637FPC3XOyXdqD892tpp3Ryy/+zBTO
LbEDbe6He2vNKToB1qKC0UPqHPE5t9yJy8gBY0X2DQkUsLl5KxE6EgyuSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJhlP2TPAv+u8vlPzEgiLajPuzVbMB8GA1UdIwQY
MBaAFEgF8XwtcTPS2tOo3341MV43712vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUt
NWRkNmUyMmViYWIwLzEvbUdVX1pNOENfNjd5LVVfTVNDSXRxTS03TlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi84ZTA3ZGQtNGZlNS00ODIwLWJjYmUtNWRkNmUyMmViYWIw
LzEvU0FYeGZDMXhNOUxhMDZqZmZqVXhYamZ2WGE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALY2UAwQA
wnTsMA0GCSqGSIb3DQEBCwUAA4IBAQCQdakS8p3m99rECObnoc99A2JsRJrWCgSQ
8NxwtjUVaamo2nEawmS3uf0PvjWrg5vKkh7l6T+MOx1YPYVklDOyVfjAQTkJGBJI
2i6h6FcDMnF/AdoMgs8EXR8j3Lnyk6D/ntJzfyG0vFTuWrPD0PPOg475/+Z4Wnx0
OgYXxYO/K8aaq4Cw5kzvluMslCajtyYXDZ4m+FpOa/5BPKAyRa1AEOQMuZje0kTh
i8/acwYYulYT1gc3eMMhTmnWU6G7zCzYJFvwoaeS15ElHqyxNBig+MXspEh8WI41
fHJIYHd41yHpvh7Z7iL3HE5lJ3sNnqDPsiFWT+8hsNBeI54Jjjwb
-----END CERTIFICATE-----